lecture notes 12 fall 2010
7/29/2019 Lecture Notes 12 Fall 2010
Inside the Orange Book
SYCS 653 Fall 2010
Lecture 12 Notes
Wayne Patterson
-
Orange Book
If you're at all interested in computer security, you'll need to know something about the Orange Book. As more organizations become security-conscious, as more vendors develop secure systems and products, and as more government requisitions stipulate that equipment purchases be tied to Orange Book certification, there's more of a need to understand the Orange Book.
-
References
References: The entire series of publications on computer security standards known as the Rainbow Series Library is on the web, through the National Computer Security Center (NCSC). The URL for the entire series is:
http://www.radium.ncsc.mil/tpep/library/rainbow/
and in particular for the Orange Book (available also in text, PostScript, or PDF format):
http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html
-
Rainbow Series Library
Document Format Information
5200.28-STD DoD Trusted Computer System Evaluation Criteria, 26 December 1985 (Supersedes CSC-STD-001-83, dtd 15 Aug 83). (Orange Book)
CSC-STD-002-85 DoD Password Management Guideline, 12 April 1985. (Green Book)
CSC-STD-003-85 Computer Security Requirements -- Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985 (Light Yellow Book)
CSC-STD-004-85 Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements -- Guidance for Applying the DoD TCSEC in Specific Environments, 25 June 1985. (Yellow Book)
-
Rainbow Series Library
NTISSAM COMPUSEC/1-87 Advisory Memorandum on Office Automation Security Guidelines
NCSC-TG-001 Ver. 2 A Guide to Understanding Audit in Trusted Systems 1 June 1988, Version 2. (Tan Book)
NCSC-TG-002 Trusted Product Evaluations - A Guide for Vendors, 22 June 1990. (Bright Blue Book) see also TPEP Procedures which supersedes parts of this document.
NCSC-TG-003 A Guide to Understanding Discretionary Access Control in Trusted Systems, 30 September 1987. (Neon Orange Book)
-
Rainbow Series Library
NCSC-TG-004 Glossary of Computer Security Terms, 21 October 1988. (Teal Green Book) (NCSC-WA-001-85 is obsolete)
NCSC-TG-005 Trusted Network Interpretation of the TCSEC (TNI), 31 July 1987. (Red Book)
NCSC-TG-006 A Guide to Understanding Configuration Management in Trusted Systems, 28 March 1988. (Amber Book)
NCSC-TG-007 A Guide to Understanding Design Documentation in Trusted Systems, 6 October 1988. (Burgundy Book) see also Process Guidelines for Design Documentation which may supersede parts of this document.
-
Rainbow Series Library
NCSC-TG-008 A Guide to Understanding Trusted Distribution in Trusted Systems 15 December 1988. (Dark Lavender Book)
NCSC-TG-009 Computer Security Subsystem Interpretation of the TCSEC 16 September 1988. (Venice Blue Book)
NCSC-TG-010 A Guide to Understanding Security Modeling in Trusted Systems, October 1992. (Aqua Book)
NCSC-TG-011 Trusted Network Interpretation Environments Guideline - Guidance for Applying the TNI, 1 August 1990. (Red Book)
NCSC-TG-013 Ver.2 RAMP Program Document, 1 March 1995, Version 2 (Pink Book)
-
Rainbow Series Library
NCSC-TG-014 Guidelines for Formal Verification Systems, 1 April 1989. (Purple Book)
NCSC-TG-015 A Guide to Understanding Trusted Facility Management, 18 October 1989 (Brown Book)
NCSC-TG-016 Guidelines for Writing Trusted Facility Manuals, October 1992. (Yellow-Green Book)
NCSC-TG-017 A Guide to Understanding Identification and Authentication in Trusted Systems, September 1991. (Light Blue Book)
NCSC-TG-018 A Guide to Understanding Object Reuse in Trusted Systems, July 1992. (Light Blue Book)
-
Rainbow Series Library
NCSC-TG-019 Ver. 2 Trusted Product Evaluation Questionnaire, 2 May 1992, Version 2. (Blue Book)
NCSC-TG-020-A Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control List Features for the UNIX System, 7 July 1989. (Silver Book)
NCSC-TG-021 Trusted Database Management System Interpretation of the TCSEC (TDI), April 1991. (Purple Book)
NCSC-TG-022 A Guide to Understanding Trusted Recovery in Trusted Systems, 30 December 1991. (Yellow Book)
NCSC-TG-023 A Guide to Understanding Security Testing and Test Documentation in Trusted Systems (Bright Orange Book) see also Process Guidelines for Test Documentation which may supersede parts of this document.
-
Rainbow Series Library
NCSC-TG-024 Vol. 1/4 A Guide to Procurement of Trusted Systems: An Introduction to Procurement Initiators on Computer Security Requirements, December 1992. (Purple Book)
NCSC-TG-024 Vol. 2/4 A Guide to Procurement of Trusted Systems: Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators, 30 June 1993. (Purple Book)
NCSC-TG-024 Vol. 3/4 A Guide to Procurement of Trusted Systems: Computer Security Contract Data Requirements List and Data Item Description Tutorial, 28 February 1994. (Purple Book)
NCSC-TG-024 Vol. 4/4 A Guide to Procurement of Trusted Systems: How to Evaluate a Bidder's Proposal Document - An Aid to Procurement Initiators and Contractors (Purple Book) (publication TBA)
NCSC-TG-025 Ver. 2 A Guide to Understanding Data Remanence in Automated Information Systems, September 1991, Version 2, (Supersedes CSC-STD-005-85). (Forest Green Book)
-
Rainbow Series Library
NCSC-TG-026 A Guide to Writing the Security Features User's Guide for Trusted Systems, September 1991. (Hot Peach Book)
NCSC-TG-027 A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems, May 1992. (Turquoise Book)
NCSC-TG-028 Assessing Controlled Access Protection, 25 May 1992. (Violet Book)
NCSC-TG-029 Introduction to Certification and Accreditation Concepts, January 1994. (Blue Book)
NCSC-TG-030 A Guide to Understanding Covert Channel Analysis of Trusted Systems, November 1993. (Light Pink Book)
-
Rainbow Series Library
Other NCSC Publications
C1 Technical Report 001 Technical Report, Computer Viruses: Prevention, Detection, and Treatment, 12 March 1990
C Technical Report 79-91 Technical Report, Integrity in Automated Information Systems, September 1991.
C Technical Report 32-92 The Design and Evaluation of INFOSEC systems: The Computer Security Contribution to the Composition Discussion, June 1992.
C Technical Report 111-91 Integrity-Oriented Control Objectives: Proposed Revisions to the TCSEC, October 1991.
-
Rainbow Series Library
NCSC Technical Report 002 Use of the TCSEC for Complex, Evolving, Multipolicy Systems
NCSC Technical Report 003 Turning Multiple Evaluated Products Into Trusted Systems
NCSC Technical Report 004 A Guide to Procurement of Single Connected Systems - Language for RFP Specifications and Statements of Work - An Aid to Procurement Initiators - Includes Complex, Evolving, and Multipolicy Systems
-
Rainbow Series Library
NCSC Technical Report 005 Volume 1/5 Inference and Aggregation Issues In Secure Database Management Systems
NCSC Technical Report 005 Volume 2/5 Entity and Referential Integrity Issues In Multilevel Secure Database Management
NCSC Technical Report 005 Volume 3/5 Polyinstantiation Issues In Multilevel Secure Database Management Systems
NCSC Technical Report 005 Volume 4/5 Auditing Issues In Secure Database Management Systems
NCSC Technical Report 005 Volume 5/5 Discretionary Access Control Issues In High Assurance Secure Database Management Systems
-
Four Divisions
The Orange Book defines four broad hierarchical divisions of security protection. In increasing order of trust, they are:
D Minimal security
C Discretionary protection
B Mandatory protection
A Verified protection
-
Numbered Classes
Each division consists of one or more numbered classes, with higher numbers indicating a higher degree of security. For example, division C contains two distinct classes (C2 offers more security than C1); division B contains three classes (B3 > B2 > B1); division A currently contains only one class.
-
Criteria
Each class is defined by a specific set of criteria that a system must meet to be awarded a rating in that class. The criteria fall into four general categories: security policy, accountability, assurance, and documentation.
-
Measurement
The evaluation criteria for the Orange Book were developed with three basic objectives:
Measurement: To provide users with a metric with which to assess the degree of trust that can be placed in computer systems for the secure processing of classified or other sensitive information. For example, a user can rely on a B2 system to be more secure than a C2 system.
-
Guidance
Guidance: To provide guidance to manufacturers as to what to build into their trusted commercial products to satisfy trust requirements for sensitive applications.
-
Acquisition
Acquisition: To provide a basis for specifying security requirements in acquisition specifications. Rather than specifying a hodge-podge of security requirements, and having vendors respond in piecemeal fashion, the Orange Book provides a clear way of specifying a coordinated set of security functions. A customer can be confident that the system he or she acquires has already been checked out for the needed degree of security.
-
What's a Trusted System?
The Orange Book defines it as:
A system that employs sufficient hardware
and software integrity measures to allow
its use for processing simultaneously a
range of sensitive or classified information.
-
Measuring Trust
How does the Orange Book measure
trust? The book approaches security from
two perspectives:
-
Security Policy
A security policy states the rules enforced by a system's security features; e.g. the rules governing whether a particular user is allowed to access a particular piece of information. Obviously, there are more security features in a highly secure system (B1 or higher) than in a less secure system (say, C1 or C2), although at the highest levels there are actually few differences in security features. Instead there is more assurance.
-
Assurance
Assurance is the trust that can be placed in a system, and the trusted ways the system can be proven to have been developed, tested, documented, maintained and delivered to a customer. At the higher levels of security, there are few changes in security features, but a definite increase in the degree of assurance a user can place in the system's architecture and security policies.
-
Assurance
As the Orange Book puts it, assurance begins [at the lowest class] with an operable access control mechanism and ends [at the highest class] with a mechanism that a clever and determined user cannot circumvent. In the lower classes (C1, C2, B1) assurance of correct and complete design and implementation is gained mostly through testing of the security-relevant portions of the system. In the higher classes (B2, B3, and A1), assurance is derived more from system design and implementation and, at the highest level (A1 only), from formal verification tools. Assurance is described in detail later in this lecture.
-
Trusted Computing Base
The concept of the trusted computing base (TCB) is central to the notion of a trusted system. The Orange Book uses the term TCB to refer to the mechanisms that enforce security in a system. The book defines the TCB as follows:
-
Trusted Computing Base
The totality of protection mechanisms within a computer system -- including hardware, firmware, and software -- the combination of which is responsible for enforcing a security policy. A TCB consists of one or more components that together enforce a unified security policy over a product or system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy.
-
Defining the TCB
Not every part of an operating system needs to be trusted. An important part of an evaluation of a computer system is to identify the architecture, assurance mechanisms, and security features that comprise the TCB, and to show how the TCB is protected from interference and tampering.
-
Reference Monitor
A reference monitor is a concept that enforces the authorized access relationships between subjects and objects of a system. James Anderson, the developer of this concept, lists three design requirements that must be met by a reference monitor mechanism:
Isolation: the reference monitor must be tamperproof.
Completeness: the reference monitor must be invoked for every access decision, and must be impossible to bypass.
Verifiability: the reference monitor must be small enough to be able to be analyzed and tested, and it must be possible to ensure that the testing is complete.
-
Security Policy
A security policy is the set of rules and practices that regulate how an organization manages, protects, and distributes sensitive information. A security policy is typically stated in terms of subjects and objects. A subject is something active in the system; examples are users, processes, and programs. An object is something that a subject acts upon; examples of objects are files, directories, devices, sockets, and windows.
-
Security Policy
The Orange Book defines a security policy
as follows:
The set of laws, rules, and practices that
regulate how an organization manages,
protects, and distributes sensitive
information.
-
Policy --- Informal or Formal
At the lower levels of trust (C1, C2, B1) an informally stated policy is acceptable. At the higher levels of trust (B2, B3, A1), a formally stated, mathematically precise policy is required.
-
Security Model
A security model expresses a system's security requirements precisely and without confusion. The Orange Book criteria are based on the state-machine model developed by David Bell and Leonard LaPadula in 1973. This is the first mathematical model of a multi-level secure computer system. The Orange Book describes the Bell-LaPadula model as follows:
-
Bell-LaPadula
A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice.
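The clearance/classification comparison and the secure-state argument described above, as an added example (not code from the lecture or the Orange Book). The level names, categories, subjects and objects are constructed for illustration; the read and append rules are the standard Bell-LaPadula simple-security and *-properties, which the slide does not spell out, applied here to a subject's clearance only.

```python
from dataclasses import dataclass

# Constructed hierarchy of sensitivity levels (assumption, not from the slides).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """Lattice order: level at least as high AND categories a superset."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def permitted(subject, obj, mode):
    """Compare the subject's clearance with the object's classification."""
    if mode == "read":      # simple security property: no read up
        return subject.dominates(obj)
    if mode == "append":    # *-property: no write down (write-only access)
        return obj.dominates(subject)
    if mode == "write":     # read and write together need equal labels
        return subject.dominates(obj) and obj.dominates(subject)
    return False            # unknown access modes are denied

class State:
    """System state: the set of current (subject, object, mode) accesses."""
    def __init__(self, subjects, objects):
        self.subjects, self.objects = subjects, objects
        self.accesses = set()

    def is_secure(self):
        return all(permitted(self.subjects[s], self.objects[o], m)
                   for s, o, m in self.accesses)

    def request(self, s, o, m):
        """State transition: grant only if the next state is still secure."""
        if not permitted(self.subjects[s], self.objects[o], m):
            return False
        self.accesses.add((s, o, m))
        return True

def demo_state():
    """Constructed subjects and objects for the example."""
    subjects = {"alice": Label("SECRET", frozenset({"NUCLEAR"})),
                "bob": Label("CONFIDENTIAL")}
    objects = {"plan": Label("SECRET", frozenset({"NUCLEAR"})),
               "memo": Label("UNCLASSIFIED"),
               "cable": Label("TOP SECRET", frozenset({"NUCLEAR", "CRYPTO"}))}
    return State(subjects, objects)
```

Because every granted request leaves `is_secure()` true, any sequence of requests starting from the empty (secure) state stays secure, which is the inductive argument in the definition. Two labels with different category sets can be incomparable, which is why the scheme is a lattice rather than a simple ranking.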
-
Security Kernel
A security kernel, a concept developed by Roger Schell in 1972 (or was it a security shell developed by Colonel Rogers?), is the operating system mechanism that actually implements the reference monitor concept. The security kernel is the heart of the TCB --- the resource in the computing system that supervises all system activity in accordance with the system's security policy.
-
Simplicity
Simplicity is a very important characteristic of the TCB. As the Orange Book puts it, the TCB should be as simple as possible, consistent with the functions it has to perform.
-
Security Perimeter
The security kernel, as well as other security-related system functions, lies within the imaginary boundary of the TCB known as the security perimeter. In highly trusted systems, the TCB must be designed and implemented in such a way that system elements included in it are designed to perform security functions, while those elements excluded from the TCB need not be trusted.
-
Orange Book Evaluation Classes
Class, Name, Examples
D: Minimal security
None. Reserved for systems that are submitted to evaluation but fail. Basic operating systems for personal computers such as Windows, Mac, and MS-DOS would probably fall into this category if they were evaluated.
-
C1
C1: Discretionary security protection
IBM: MVS/RACF
Although ordinary UNIX systems have not been submitted for formal evaluation, many people feel that such systems would get a C1.
-
C2
C2: Controlled access protection
Computer Associates International: ACF2/MVS
DEC: VAX/VMS 4.5
Gould: UTX/32S
Hewlett-Packard: MPE V/E
Wang Labs: SVS/OS CAP 1.0
-
B1
B1: Labeled security protection
AT&T: System V/MLS
IBM: MVS/ESA
SecureWare: CMW+
UNISYS: OS 1100
-
B2
B2: Structured protection
Honeywell Information Systems: Multics
Trusted Information Systems: Trusted XENIX
-
B3
B3: Security domains
Honeywell Federal Systems: XTS-200
-
A1
A1: Verified design
Honeywell Information Systems: SCOMP
Boeing Aerospace: SNS
-
Complaints About the Orange Book
Here are some of the main claims about the inadequacies of Orange:
The Orange Book model works only in a government classified environment, and the higher levels of security aren't appropriate for the protection of commercial data, where data integrity is the chief concern.
The Orange Book focuses on only one aspect of security --- secrecy --- while paying little attention to the principles of accuracy, availability, and authenticity.
The Orange Book emphasizes protection from unauthorized access, while most security attacks actually involve insiders.
The Orange Book doesn't address networking issues. (But the Red Book does.)
The Orange Book contains a relatively small number of security ratings. A system that offers a subset of Orange Book security features, plus some very strong features in other areas not addressed by the Orange Book (for example, integrity) wouldn't fit into any of the current ratings.
-
Table (row-group labels SP, AC; columns C1, C2, B1, B2, B3, A1; per-class entries not preserved). Rows:
Discretionary Access Control
Object Reuse
Labels
Label Integrity
Exportation of Labeled Information
Exportation of Multilevel Devices
Exportation of Single-Level Devices
Labeling Human-Readable Output
Mandatory Access Control
Subject Sensitivity Labels
Device Labels
Identification and Authentication
-
The Rainbow Series and Other Sources
The government has produced a number of other volumes interpreting Orange Book requirements. These are known collectively as the Rainbow Series, since each has a different cover color.
-
Colors of the Rainbow
These include:
Red Book: Trusted Network Interpretation
Lavender Book: Trusted Data Base Management System Interpretation
Green Book: Password Management Guideline
Tan Book: Guide to Understanding Audit in Trusted Systems
Purple Book: Guidelines for Formal Verification Systems
Burgundy Book: Guide to Understanding Design Documentation in Trusted Systems